Update Authenticator Definition #1931

Merged
merged 2 commits into from
Aug 16, 2023
8 changes: 5 additions & 3 deletions index.bs
Expand Up @@ -952,11 +952,13 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
: <dfn>[WAA]</dfn>
:: A cryptographic entity, existing in hardware or software, that can [=registration|register=] a user with a given [=[RP]=]
and later [=Authentication Assertion|assert possession=] of the registered [=public key credential=], and optionally
[=user verification|verify the user=], when requested by the [=[RP]=]. [=Authenticators=] can report information
regarding their [=authenticator types|type=] and security characteristics via [=attestation=] during [=registration=].
[=user verification|verify the user=] to the [=[RP]=]. [=Authenticators=] can report information
regarding their [=authenticator types|type=] and security characteristics via [=attestation=] during [=registration=]
and [=assertion=].

A [=[WAA]=] could be a [=roaming authenticator=], a dedicated hardware subsystem integrated into the [=client device=],
or a software component of the [=client=] or [=client device=].
or a software component of the [=client=] or [=client device=]. A [=[WAA]=] is not necessarily confined to operating in
a local context, and can generate or store a [=credential key pair=] in a server outside of [=client-side=] hardware.

In general, an [=authenticator=] is assumed to have only one user.
If multiple natural persons share access to an [=authenticator=],
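
Review bot: the added sentence closing the second paragraph ("can generate or store a [=credential key pair=] in a server outside of [=client-side=] hardware") widens the definition to remotely hosted authenticators, while the unchanged line right after it still says an [=authenticator=] "is assumed to have only one user". It would help to state how that assumption applies when the key pair lives on a server, or to link to the section that covers it. In the first paragraph, the new "[=assertion=]" link uses a different term from the "[=Authentication Assertion|assert possession=]" link a few lines above; pointing both at the same definition would keep the terminology consistent. The rewording also drops "when requested by the [=[RP]=]", which is worth confirming as intended.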